Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Heavy Viral Infection


  • This topic is locked This topic is locked
4 replies to this topic

#1 HyBriD54

HyBriD54

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 05 July 2008 - 09:17 AM

Hello. One of my computers at home (I'm posting from another computer) has caught a rather serious batch of malware. I have attempted to remove them using anti-spyware (according to AVG I have successfully removed approximately 1300 viruses, but it is still evident that viruses are present in the system).

This HiJackThis! log was scanned and the computer system was NOT modified in any form or way in terms of software (i.e I did not install/uninstall anything or perform a virus scan and remove viruses). If I am doing something wrong, please notify me of any mistakes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:17:23, on 2008-7-6
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe
C:\WINDOWS\system32\utilman.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [draw memo up hide] C:\Documents and Settings\All Users\Application Data\platform dupe draw memo\Free Skip.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [startstupid] C:\DOCUME~1\Kan\APPLIC~1\JUMPSI~1\Bend itch seek.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Tencent QQ.lnk = C:\Program Files\TENCENT\QQ\QQ.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?SystemRoot%\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\TENCENT\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\TENCENT\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\TENCENT\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\TENCENT\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00ED066E-EBD1-4880-96BB-8277EC02BF6D}: NameServer = 85.255.115.74,85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CE3E7D5-B355-4016-B477-A241A72779F4}: NameServer = 85.255.115.74,85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A12A3B7-8C5F-4CAF-AD48-5043E015FE1F}: NameServer = 85.255.115.74,85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C1E557-647B-42CA-9572-B4B65F4CC5E8}: NameServer = 85.255.115.74,85.255.112.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{00ED066E-EBD1-4880-96BB-8277EC02BF6D}: NameServer = 85.255.115.74,85.255.112.129
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{00ED066E-EBD1-4880-96BB-8277EC02BF6D}: NameServer = 85.255.115.74,85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.74 85.255.112.129
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe

--
End of file - 8100 bytes

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 08 July 2008 - 04:03 AM

Looking at your system now, one or more of the identified infections is a Hijacker. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online-banking/financial purpose until we give it all clear




Firstly you have to patch Service Pack 1a to your computer. This patch contains critical securities updates for your computer. Without it your computer is wide open to re-infection and any fix attempt is useless.
Please go HERE to update your Windows to Service Pack 1a. Apply the update. After that please reboot before proceed to the next step.

Please
DO NOT apply Service Pack 2 into your computer until we give it all clear.





NEXT


Please download FixWareout by LonnyRJones and save it to your desktop.

Please doubleclick Fixwareout >> click Next, then Install, make sure Run fixit is checked and click Finish.

The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please let your firewall allow it.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt).




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please post the following logs in your next reply...

1. FixWareout
2. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 HyBriD54

HyBriD54
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 08 July 2008 - 06:23 AM

File: Main.txt

Deckard's System Scanner v20071014.68
Run by Kan on 2008-07-08 21:10:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-07-08 11:11:02 UTC - RP237 - Deckard's System Scanner Restore Point
43: 2008-07-08 10:12:17 UTC - RP236 - System Checkpoint
42: 2008-07-05 12:28:33 UTC - RP235 - System Checkpoint
41: 2008-06-25 10:04:58 UTC - RP234 - System Checkpoint
40: 2008-06-22 07:22:42 UTC - RP233 - System Checkpoint


-- First Restore Point --
1: 2008-03-31 11:07:09 UTC - RP194 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Kan.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:40, on 2008-7-8
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\conime.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe
C:\Documents and Settings\Kan\My Documents\Applications\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kan.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [draw memo up hide] C:\Documents and Settings\All Users\Application Data\platform dupe draw memo\Free Skip.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [startstupid] C:\DOCUME~1\Kan\APPLIC~1\JUMPSI~1\Bend itch seek.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Tencent QQ.lnk = C:\Program Files\TENCENT\QQ\QQ.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?SystemRoot%\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\TENCENT\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\TENCENT\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\TENCENT\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\TENCENT\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe

--
End of file - 6920 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.chm - chm.file - shell\open\command - "hh.exe" %1
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.ini - inifile - shell\open\command - C:\WINDOWS\System32\NOTEPAD.EXE %1
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,7
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.txt - txtfile - shell\open\command - C:\WINDOWS\notepad.exe %1
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,6


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\documents and settings\kan\my documents\lily\qq\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 npkcusb - c:\documents and settings\kan\my documents\lily\qq\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 SIS163u (SiS 163 usb Wireless LAN Adapter Driver) - c:\windows\system32\drivers\sis163u.sys <Not Verified; SiS Corporation; NDIS NIC Driver>
R3 SISNPF (SIS Netgroup Packet Filter) - c:\windows\system32\drivers\sisnpf.sys <Not Verified; Politecnico di Torino; NPF Driver>
R3 WFsys (WinFox Control I/O Driver) - c:\windows\system32\drivers\wfsys.sys <Not Verified; Leadtek Research Inc.; WinFox Control I/O Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SiSWLSvc (SiS WirelessLan Service) - c:\program files\802.11 wireless lan\802.11g pen size wireless usb 2.0 adapter hw.32 v1.00\siswlsvc.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-07-08 21:00:02 262 --ah----- C:\WINDOWS\Tasks\A82768E191911FF9.job
2008-07-08 20:59:02 250 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-07 21:37:02 258 --a------ C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job
2008-07-05 23:00:02 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job
2008-06-26 13:21:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-06 00:12:24 0 d-------- C:\Program Files\Trend Micro
2008-07-03 21:33:38 0 d-------- C:\Documents and Settings\admin\Application Data\Lavasoft
2008-07-02 21:10:08 0 d-------- C:\Documents and Settings\admin\Application Data\Grisoft
2008-07-02 21:02:35 0 d-------- C:\Documents and Settings\Kan\Application Data\Grisoft
2008-07-02 21:02:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-24 21:09:57 0 d-------- C:\Program Files\InterActual


-- Find3M Report ---------------------------------------------------------------

Nothing modified in this timespan.


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-23 12:00 C:\WINDOWS\SYSTEM32\systray.exe]
"NvCplDaemon"="NvQTwk" []
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 18:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-08-23 23:00]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2001-08-23 22:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-23 22:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-23 22:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-18 21:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10]
"draw memo up hide"="C:\Documents and Settings\All Users\Application Data\platform dupe draw memo\Free Skip.exe" [2008-07-08 20:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-12-04 21:33]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 12:00]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"startstupid"="C:\DOCUME~1\Kan\APPLIC~1\JUMPSI~1\Bend itch seek.exe" [2008-04-29 11:07]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Kan\Start Menu\Programs\Startup\
Tencent QQ.lnk - C:\Program Files\TENCENT\QQ\QQ.exe [2006-4-30 16:06:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2006-10-16 21:14:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 1:01:04]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 4:44:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusAgent]
C:\Program Files\iriver\iriver plus\iAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme




-- End of Deckard's System Scanner: finished at 2008-07-08 21:13:20 ------------



File: Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 255.47 MiB / 79.07 MiB
Pagefile Memory (total/avail): 618.97 MiB / 296.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.49 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 37.26 GiB total, 11.15 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LILY
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\LILY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kan\LOCALS~1\Temp
USERDOMAIN=LILY
USERNAME=Kan
USERPROFILE=C:\Documents and Settings\Kan
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kan (admin)
admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /UNINSTALL /PROMPT
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
"SubEdit-Player" --> C:\DOCUMENTS AND SETTINGS\KAN\MY DOCUMENTS\LILY\AVI\Uninstal.exe
??????? 1.2 ? --> C:\Program Files\wnpy\wnpyUninst.exe /Uninstall
802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BDC88E5A-F47B-4314-AB38-994592E32C95}
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (1.0) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0 (en-US)"
Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
QQ2005 Formal --> C:\Program Files\Tencent\QQ\uninst.exe
QuickCam Drivers --> rundll.exe setupx.dll,InstallHinfSection DefaultInstall 132 c:\lvideo2\lvcam\lvdel.inf
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sound Blaster PCI --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows XP Uninstall --> %SYSTEMROOT%\system32\osuninst.exe
WinFast® Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE4E3960-DB28-4968-8B93-D26C79B50F10}\setup.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1434 / Error
Event Submitted/Written: 07/08/2008 09:12:50 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x2ee7

Event Record #/Type1417 / Warning
Event Submitted/Written: 07/03/2008 09:52:15 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1416 / Error
Event Submitted/Written: 07/03/2008 08:31:48 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type1415 / Error
Event Submitted/Written: 07/03/2008 08:31:48 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type1410 / Warning
Event Submitted/Written: 07/02/2008 09:52:15 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12749 / Warning
Event Submitted/Written: 07/08/2008 09:10:22 PM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type12688 / Warning
Event Submitted/Written: 07/08/2008 08:17:23 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver hp deskjet 845c series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku04.dll, hpzntp04.dll, hpf84504.dat, hpfuih04.hlp, hpzr3204.dll, hpzrpp04.dll, hpzimv04.dll, hpzpcl04.dll, hpzcon04.dll, hpzcfg04.exe, hpzeng04.exe, hpzime04.dll, hpzjui04.dll, hpzpre04.exe, hpzstc04.exe, hpztbi04.dll, hpztbu04.exe, hpztbx04.exe, hpzlnt04.dll, hpzcoi04.dll.

Event Record #/Type12583 / Error
Event Submitted/Written: 07/03/2008 09:52:14 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type12582 / Error
Event Submitted/Written: 07/03/2008 08:33:00 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver
Fips
i8042prt
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip

Event Record #/Type12581 / Error
Event Submitted/Written: 07/03/2008 08:33:00 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-08 21:13:20 ------------



File: Report.txt

Username "Kan" - -07-08 星期二 20:46:49 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdqkf.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.74 85.255.112.129" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{00ED066E-EBD1-4880-96BB-8277EC02BF6D}
"nameserver"="85.255.115.74,85.255.112.129" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0CE3E7D5-B355-4016-B477-A241A72779F4}
"nameserver"="85.255.115.74,85.255.112.129" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9A12A3B7-8C5F-4CAF-AD48-5043E015FE1F}
"nameserver"="85.255.115.74,85.255.112.129" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E3C1E557-647B-42CA-9572-B4B65F4CC5E8}
"nameserver"="85.255.115.74,85.255.112.129" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{00ED066E-EBD1-4880-96BB-8277EC02BF6D}
"DhcpNameServer"="85.255.115.74,85.255.112.129" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0CE3E7D5-B355-4016-B477-A241A72779F4}
"DhcpNameServer"="85.255.115.74,85.255.112.129" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44A78F97-D62D-4533-AD32-511523EA507A}
"DhcpNameServer"="85.255.115.74,85.255.112.129" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E3C1E557-647B-42CA-9572-B4B65F4CC5E8}
"DhcpNameServer"="85.255.115.74,85.255.112.129" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\TEMP\kdqkf.ren 63431 2001-08-23

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"draw memo up hide"="C:\\Documents and Settings\\All Users\\Application Data\\platform dupe draw memo\\Free Skip.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"startstupid"="C:\\DOCUME~1\\Kan\\APPLIC~1\\JUMPSI~1\\Bend itch seek.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 08 July 2008 - 10:07 AM

Hello, I haven't seen you update your computer to Service Pack 1 yet.. Please do so now..

Firstly you have to patch Service Pack 1a to your computer. This patch contains critical securities updates for your computer. Without it your computer is wide open to re-infection and any fix attempt is useless.
Please go HERE to update your Windows to Service Pack 1a. Apply the update. After that please reboot before proceed to the next step.

Please
DO NOT apply Service Pack 2 into your computer until we give it all clear.





NEXT


Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.
NEXT


Please open HijackThis.
Click on Open Misc Tools Section
Make sure that both boxes beside "Generate StartupList Log" are checked:
  • List all minor sections(Full)
  • List Empty Sections(Complete)
Click Generate StartupList Log.
Click Yes at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


Regards
fenzodahl512


-----Post was edited to include the correct link to SP1-----

Edited by fenzodahl512, 08 July 2008 - 10:22 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 17 July 2008 - 07:17 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users